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DETAILED ACTION 

The instant application having Application No. 10/532434 is presented for 
examination by the examiner. Claims 28, 30-38, 40-42, 44-48, and 75-80 are pending. 
Claims 28, 30-38, 40-42, and 44-48 have been amended. 

Response to Amendment 

Claim Objections 

Claim 43 has been canceled, rendering the claim objection moot. 

Response to Arguments 

Applicant's arguments with respect to claims 28 and 38 have been considered 
but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 
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Claims 28, 30, 33-34, 36-38, 40, and 44, 45, 47, 48, 79, and 80 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over USP 7,325,252 to Bunker et al., 
hereinafter Bunker in view of USP Application Publication 2003/0212908 to Piesco. 

As per claims 28 and 38, Bunker teaches a computer emergency response 
system linked to a plurality of computer systems, the system comprising: 

an information section configured to collect system information and security 
information related to a security incident that is a threat to at least one of the plurality of 
computer systems (col. 3, lines 24-28); 

a test bed configured to perform an attack simulation for the at least one 
computer system based on the system information and security information, under 
conditions similar to those of the at least one computer system (col. 4, lines 5-1 5); and 

an assessment section configured to assess the security incident based on the 
simulation (col. 4, lines 17-30). 

Bunker is silent in explicitly disclosing the attack simulation is performed at the 
test bed. Piesco teaches performing an attack simulation at a test bed (simulated 
network environment; 0015, 0019, and 0020). Bunker teaches performing the simulated 
attacks on the actual network. Piesco teaching of simulating attacks on a simulated 
network instead of the real network allows real-time analysis without having actual 
network devices present and tied up (0033). Therefore it would have been obvious to 
one of ordinary skill in the art at the time of the invention to combine the teachings of 
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Piesco with Bunker in order to efficiently run a multitude of simulated attacks without 
actually tying up the resources. 

As per claims 30 and 40, Bunker teaches the assessment section assesses the 
security incident by classifying the incident into of several levels of attack (col. 4, lines 
50-55 and col. 7, lines 35-45). 

As per claims 33 and 44, Bunker teaches the assessment section is further 
configured to provide a test scenario for the attack simulation to the test bed (col. 4, 
lines 60-65), including a method of attack and frequency of attack (col. 4, lines 5-1 0). 

As per claims 34 and 45, Bunker teaches the assessment section is further 
configured to provide additional test scenarios for the attack simulation to the test bed 
until the security incident has been simulated on each of the plurality of computer 
systems (col. 4, lines 10-15). 

As per claim 36, Bunker teaches a warning section configured to issue an alert to 
the at least one computer system based on the assessment of the security incident by 
the assessment section (col. 4, line 60), wherein the alert includes steps for responding 
to the security incident [countermeasures; col. 4, lines 62-66). 
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As per claims 37 and 48, Bunker teaches a warning section configured to issue a 
forecast to the simulated computer system based on an assessment of the one or more 
security incidents by the assessment section (col. 4, lines 60-65 and col. 5, line 5). 

As per claim 47, Bunker teaches a warning section configured to issue an alert to 
the at least one computer system based on the assessment of the security incident by 
the assessment section (col. 4, line 60), wherein the alert includes steps for responding 
to the security incident in real time [countermeasures; col. 4, lines 62-66). 

As per claim 79, Bunker teaches a training section configured to generate 
training data based on the attack simulation, the training data configured to train the at 
least one computer system to prevent the security incident; and an information sharing 
section configured to transmit the training data to the at least one computer system 
[early warning generators; col. 19, lines 49-65]. 

As per claim 80, Bunker teaches a warning section configured to issue an alert to 
the at least one computer system based on the assessment of the security incident by 
the assessment section, wherein the alert includes steps for preventing the security 
incident (col. 19, lines 52-55). 
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Claims 31, 32, 41, 42, and 76-78 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bunker and Piesco as applied to claim 28 and 38 and in further view 
of USP Application Publication 2002/0199122 to Davis et al., hereinafter Davis. 

As per claims 31 and 41 , Bunker is silent in explicitly disclosing an evaluation 
section configured to calculate expected damages from an attack based on at least one 
security incident with a similar level of attack. Bunker teaches many types of threat 
assessments and generating details analysis of those threats to the system. Davis 
teaches an evaluation section configured to calculate expected damages from an attack 
based on at least one security incident with a similar level of attack (0025 and 0033). 
This detailed report is just another analysis of the potential a threat may incur to a 
system. This claim would have been obvious because substituting known method with 
produce predictable results without changing the original intention is within the ordinary 
capabilities of one of ordinary skill in the art. Substituting or adding another type of 
assessment to the vulnerability report is obvious. 

As per claims 32 and 42, Bunker is silent in explicitly teaching an asset recovery 
section configured to provide an expected recovery time from the attack for at least one 
of the plurality of computer systems. Bunker teaches many types of threat assessments 
and generating details analysis of those threats to the system. Davis teaches an asset 
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recovery section configured to provide an expected recovery time from the attack for at 
least one of the plurality of computer systems (0025 and 0033) as being able to 
determine the elapsed time between when a vulnerability was introduced and the time a 
solution was fixed. Adding this into the report is yet another assessment detail which 
would provide a network administrator valuable knowledge pertaining to vulnerability 
assessment. Examiner supplies the same rationale to combine Bunker and Davis as 
recited in the rejection of claims 31 and 41 . Substituting or adding another type of 
assessment to the vulnerability report is obvious. 

As per claim 76, Bunker and Piesco are silent in explicitly teaching the evaluation 
section is further configured to calculate the expected damages in categories of network 
exposure, system exposure, system service delay, and network service delay. Davis 
teaches this limitation in Figure 2 and paragraphs 0030-0031 as way to break down and 
show network damages and system damages. Examiner supplies the same rationale to 
combine Bunker and Davis as recited in the rejection of claims 31 and 41 . Substituting 
or adding another type of assessment to the vulnerability report is obvious. 

As per claim 77, Bunker and Piesco are silent in explicitly teaching the evaluation 
section is further configured to calculate the expected damages in categories of root 
authority acquisition, data release, and data forgery. Davis teaches the evaluation 
section is further configured to calculate the expected damages in categories of root 
authority acquisition [root break-in], data release [account compromise lead to data 
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theft], and data forgery [account break-in, forgery of the user] (0030). Examiner 
supplies the same rationale to combine Bunker and Davis as recited in the rejection of 
claims 31 and 41 . Substituting or adding another type of assessment to the vulnerability 
report is obvious. 

As per claim 78, Bunker teaches an information sharing section configured to 
transmit the expected damages to the at least one computer system (col. 19, lines 1- 
15). 

Claims 35, 46, and 75 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bunker and Piesco as applied to claim 28 and 38 and in further view 
of USP Application Publication 2008/0016569 to Hammer et al., hereinafter Hammer. 

As per claims 35 and 46, Bunker teaches transmitting the classified security 
information and the assessment to at least one computer system (col. 4, lines 59-62). 
Bunker and Piesco are silent in teaching classifying the security information according 
to a method of attack, time of attack, frequency of attack, internet protocol address of a 
source of the attack, internet server provider of the source of the attack, and country of 
origin of the source of the attack. Hammer teaches the above limitations (001 2 and 
0015) a means of classifying security incidents. Bunker teaches classifying security 
events and Hammer just teaches more ways in which security incidents can be 
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classified. The claims are obvious because one of ordinary skill in the art can combine 
known teachings which produce predictable results. 

As per claim 75, Bunker teaches an information sharing section configured to 
transmit the classified security information and the attack assessment to the at least one 
computer system (col. 19, lines 1-15). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on 571-272-7589. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/M. R. V./ 

Examiner, Art Unit 2431 
/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 
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